[Mimedefang] umask, mimedefang, clamd and spamassassin
Steve Hanselman
steveh at brendata.co.uk
Tue Feb 3 05:11:44 EST 2015
Ok, spamassassin is 3.4 and mimedefang is 2.73 although having checked
the diff's there's nothing relevant to this between 2.73 and 2.75
(trying to use Ubuntu repos, not sure why they haven't packaged 2.75
yet)
Here are the relevant lines from an strace from the multiplexor
root at prodmail18:~# grep -n umask t.mux
82:4033 umask(077) = 022
179:4033 umask(07) = 077
184:4033 umask(027) = 07
9070:4033 umask(01777777777777777777077) = 027
9096:4033 umask(01777777777777777777177) = 077
9102:4033 umask(077) = 0177
root at prodmail18:~# grep -n Work t.mux
11405:4040 mkdir("Work", 0750) = 0
11534:4040 stat("Work/msg-4040-1.txt", 0x11be070) = -1 ENOENT (No such
file or directory)
11535:4040 open("Work/msg-4040-1.txt", O_WRONLY|O_CREAT|O_TRUNC, 0666)
= 5
11611:4040 open("Work/INPUTMBOX", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
root at prodmail18:~#
umask isn't touched after line 9102 and the files are created from line
11405 onwards
Looking at the strace around 9102, this is in the auto-whitelist
functionality of spamassassin
I'm guessing that there is an exit path that doesn't reset the umask.
I think the fix is probably to assume that umask is tainted and to reset
after all spamassassin calls.
Regards
Steve
-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of David
F. Skoll
Sent: 02 February 2015 15:43
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] umask, mimedefang, clamd and spamassassin
On Mon, 2 Feb 2015 14:13:31 -0000
"Steve Hanselman" <steveh at brendata.co.uk> wrote:
> I've just run strace over a session and it would appear that
> spamassassin modifies the umask, which probably explains the issue (it
> also depends which tests you have enabled in spamassassin if you grep
> the tree).
What version of SpamAssassin? I'm still on 3.3.x and it seems to me
that all the calls to umask are careful to restore the original umask
afterwards.
> I'll check the entire details later but I think that mimedefang needs
> to reset the umask after it has called spamassassin, this is the
> likely cause for a number of the lstat errors with clamd.
OK; I can look at doing that.
Regards,
David.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list